The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

Project Review a Team Members Announced

We are happy to announce that we have formed a team of volunteers for the Project Review Committee to relaunch the Project review team and incentives for projects.

Timo Goosen

Christo Goosen

Enrico Branca

Johanna Curiel

Tom Brennan ==> As part of the Board members and now leading Projects

We are redefining the goals of the Project Review Team (mostly known as the Project task force)
but we want to create clear goals by redefining some of the original committee goals launched almost 2 years ago.Main changes to this committee goals will be:

Handling the process for starting new projects and reviewing submitted proposals

Guide new leaders to take that idea into a feasible and realizable project

Create webinars/meetings with regional leaders to promote guidelines

Create a Handbook & Guidelines for starting a new project and maintaining the project guidelines

Implement a portal for project reviews & reporting through Github which Enrico has already worked on
Automation and monitoring of new projects and existing projects

Implement a fixed QA review for project graduation with professional testers as we did back in 2014 major reviews

Look for sponsors and create specific budget for the committees activities

OWASP Proactive Controls Top Ten V2 Release

We just released the OWASP Proactive Controls Top Ten v2. (Download PDF). Big thanks Jim Bird and Katy Anton for their dedication in making this release a reality. This document is a "developer centric" answer to the OWASP Top Ten. It's meant to be an awareness document to inform developers about the basics of building secure software. As a process, we made the document "world editable" and fielded literally hundreds of community change requests (many from anonymous sources) from to hopefully represent consensus in our community. Thanks to everyone who helped make this happen. We hope it helps serve the cause in some way.

OWASP Security Knowlege Framework Project Release

Cornucopia Web Edition Released

OWASP Cornucopia project co-leader Darío De Filippis conceived, created and published a wiki version of "OWASP Cornucopia - Ecommerce Website Edition", the web application security training and threat modeling card game. The wiki deck, comprising 91 new pages, complements the existing print versions and provides a single place to easily browse around the suits and cards, jump to the relevant cross-references, and most importantly includes an extra technical note for each card. The technical notes supplement the card text, providing additional information on each threat and attack. It also aids game play by providing some clarification between cards which at first might seem similar.The project team welcomes any contributions to correct, extend, and improve the technical notes for each card. The wiki deck can be found at:https://www.owasp.org/index.php/Cornucopia_-_Ecommerce_Website_Edition_-_Wiki_DeckThe main project page, including FAQs, how to play video, presentation, and how to obtain the decks of cards is at https://www.owasp.org/index.php/OWASP_Cornucopia

ZSC Tools Volunteers Needed

Global AppSec Events

OWASP AppSecEUThe European OWASP Conference is going to be one of the best ever.
Do not miss this opportunity!
7 June - 1 July 2016Thanks to the impressive number of paper submissions received, the qualified organisations and people that submitted them and the important sponsors, this will be one of the best OWASP conferences ever. Do not miss the opportunity to hear and share ideas and knowledge with a wide number of experts!The next OWASP AppSecEU (http://2016.appsec.eu/) will take place at the Marriott Park Hotel in Rome, Italy.The Open Web Application Security Project is an open-source project for application security. OWASP provides advice on the creation of secure Internet applications and testing guides.It boasts a strong global community with more than 45,000 participants, more than 55 corporate members and 20 academic supporters through 249 active local chapters in 6 continents and 97 countries.More than 800 people are expected at the event, with 3 days of training followed by the 2-day conference that includes:

Five parallel talks with focus on the OWASP core mission (Dev, Ops, Hack, CISO and Research);

Keynotes from industry leaders;

Exhibition spaces that offer innovative solutions for the needs of companies.

Do not miss the opportunity to participate asSPONSORto this high level conference, mentioned in Tripwire as aTOP 11 SECURITY CONFERENCE IN 2016.More details on registration, program and speakers will be sent in a forthcoming communication.Please contact us with any questions or comments you may have at the following address: appseceu2016@owasp.orgOther Global AppSec EventsAppSecUSA 2016 will be held on 11-14 October 2016 in Washington DC. Mark your calendars!

Ads are not endorsements and reflect the messages of the advertiser only. They represent co-marketing arrangements
with other organizations in support of the OWASP Community. CLICK HERE for more information on advertising.

Cluj, Romania: Lucian Suta and Cristian Serban, new leaders. Much appreciation owed to Lucian Corlan who founded the chapter last year and developed wonderful public programs on application security with local government.https://www.owasp.org/index.php/Cluj

London: Sam Stepanyan and Sherif Mansour Farag, new leaders. Huge thanks to Justin Clarke, Tobias Gondrom, and Dennis Groves who are stepping down as London leaders.
https://www.owasp.org/index.php/London

Notable Chapter Activity

Funding UpdatesSome of our chapters and projects that ended the year with less than $500 will be seeing an increase in their funding allocations. It is our hope that these addition will help active chapters to jumpstart their activities for the new year without worry that they will not be able to afford to host a meeting. Chapters and projects with current activity and at least two leaders got an increase and we will soon announce a series of calls to discuss ideas for renewed activities.One of the best ways for our projects and chapters to raise funds is to recruit new, paid memberships and local sponsors. Individual memberships are a low $50 per year (pro rated in some countries) and corporate memberships are available at $5,000, $20,000 and $50,000, a portion of which can be allocated to a chapter and/or project. Local sponsorships are available in smaller amounts and can be allocated directly to a project or chapter, making a valuable contribution to their activities. Interested local sponsors can make a contribution via the "Donate" button on your favorite chapter or project's wiki page.Please show your support for OWASP Projects and Chapters by becoming an Individual or Corporate member today!We at the OWASP Global Foundation are looking forward to hearing about more such events in future.Share your chapter's successes! Submit Your Stories